<?php

/*

Penny Store (penny_store.php)

*/

// Title of this page; it is reused further down as the game_pages lookup key.
$page_title = "Penny Store";
// NOTE(review): presumably the minimum rank header.inc.php requires for this page — confirm against the include.
$rank_check = 1;
// header.inc.php is not shown here. The two assignments above are presumably read by it, so keep them first.
// Everything this script uses without defining it ($act, $game, $item_id, $userid, $username, $points,
// $timestamp, $base_url, $HTTP_REFERER, $openHTML, $closeHTML, $pointsVar and fetch()) must come from this
// include or from PHP's request-variable configuration. Those values are used in SQL statements and HTML
// output below, so how they are populated and validated there decides how safe those uses are.
include "header.inc.php";

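if ($act == "get")
{
	// Purchase handler: buys the penny-store listing named by $item_id for 1 point.
	//
	// $act, $item_id and $game arrive with the request (see the links this page renders), so they are
	// escaped before they reach SQL and URL-encoded before they reach HTML. If header.inc.php already
	// escapes request variables this is redundant for well-formed ids, but it keeps this block safe by
	// itself. $userid, $username, $points and $timestamp are set outside this file.
	// NOTE(review): confirm they are server-derived and SQL-safe.
	$game_sql = mysql_real_escape_string((string) $game);
	$item_id_sql = mysql_real_escape_string((string) $item_id);
	$back_link = "<a href=\"$base_url/penny_store.php?game=" . urlencode((string) $game) . "\">Back</a>";

	// Referer gate, now evaluated before anything is written (it used to run after the rate-limit
	// row was already stored). A Referer comparison is only a weak check that the request came from
	// this page: the purchase is still a state-changing GET. A per-session token on a POST form is the
	// robust control, but session handling lives in header.inc.php and is not visible here.
	// NOTE(review): confirm $HTTP_REFERER is populated from the server environment, not from request parameters.
	$allowed_referers = array(
		"$base_url/penny_store.php?game=$game",
		"$base_url/penny_store.php?game=$game&error=The+item+has+been+purchased!",
	);
	if (!in_array($HTTP_REFERER, $allowed_referers, true))
	{
		die("$openHTML<p>You were referred here from the wrong URL. $back_link</p>$closeHTML");
	}

	// Look the listing up first. The original tested the item before the listing, which made the
	// "out of stock" branch unreachable: a missing listing always fell into "That isn't a real item".
	$listing_result = mysql_query("SELECT * FROM penny_store2 WHERE id = '$item_id_sql' AND game = '$game_sql'");
	$find_item = $listing_result ? mysql_fetch_array($listing_result) : false;
	if (!$find_item || !$find_item['id'])
	{
		die("$openHTML<p>This item is out of stock, sorry!</p>$closeHTML");
	}

	$listed_item_sql = mysql_real_escape_string((string) $find_item['item_id']);
	$item_result = mysql_query("SELECT * FROM items2 WHERE id = '$listed_item_sql' AND game = '$game_sql'");
	$find_item2 = $item_result ? mysql_fetch_array($item_result) : false;
	if (!$find_item2 || !$find_item2['item_name'])
	{
		// The listing points at an item that no longer exists: remove the stale listing.
		mysql_query("DELETE FROM penny_store2 WHERE id = '$item_id_sql' AND game = '$game_sql'");
		die("$openHTML<p>That isn't a real item.</p>$closeHTML");
	}

	// Cheap early exit; the authoritative balance check is the conditional UPDATE further down.
	if ($points < 1)
	{
		die("$openHTML<p>You do not have enough points for this item.</p>$closeHTML");
	}

	// Start Check: at most one purchase per user every $limit1 seconds.
	// The lookup is not filtered by game (as in the original), so the limit applies across games.

	$checking = "pennystore";
	$limit1 = 10;
	$limit = $timestamp - $limit1;

	$findCheck = fetch("SELECT * FROM checking2 WHERE userid = '$userid' AND check_what = '$checking' AND timestamp > '$limit'");

	if (!empty($findCheck['id']))
	{
		die("$openHTML<p>You can only purchase items from the penny store every $limit1 seconds. $back_link</p>$closeHTML");
	}

	mysql_query("DELETE FROM checking2 WHERE userid = '$userid' AND check_what = '$checking' AND game = '$game_sql'");
	mysql_query("INSERT INTO checking2 (userid,check_what,timestamp,game) VALUES ('$userid','$checking','$timestamp','$game_sql')");

	// End Check

	// Charge inside the database instead of writing back a balance computed from $points in PHP.
	// Two overlapping requests can then no longer both succeed on the same stale balance, and the
	// balance cannot go below zero.
	// NOTE(review): assumes $points mirrors members2.points for this user — confirm in header.inc.php.
	mysql_query("UPDATE members2 SET points = points - 1 WHERE username = '$username' AND game = '$game_sql' AND points >= 1");
	if (mysql_affected_rows() < 1)
	{
		die("$openHTML<p>You do not have enough points for this item.</p>$closeHTML");
	}

	// Claim the listing. Only the request whose DELETE actually removes the row receives the item,
	// so one donated item cannot be handed to two buyers. A request that loses gets its point back.
	mysql_query("DELETE FROM penny_store2 WHERE id = '$item_id_sql' AND game = '$game_sql'");
	if (mysql_affected_rows() < 1)
	{
		mysql_query("UPDATE members2 SET points = points + 1 WHERE username = '$username' AND game = '$game_sql'");
		die("$openHTML<p>This item is out of stock, sorry!</p>$closeHTML");
	}

	// Hand the item over and record the sale.
	$bought_id_sql = mysql_real_escape_string((string) $find_item2['id']);
	$bought_parts_sql = mysql_real_escape_string((string) $find_item2['parts']);
	mysql_query("INSERT INTO usersitems2 (owner,item_id,parts_left,game) VALUES ('$userid','$bought_id_sql','$bought_parts_sql','$game_sql')");
	mysql_query("INSERT INTO sales_logs2 (bought_from,bought_by,bought_item,bought_price,game) VALUES ('Penny Store $game_sql','$userid','$bought_id_sql','1','$game_sql')");

	// The redirect target is kept as in the original because the Referer gate above compares against it.
	header("Location: penny_store.php?game=$game&error=The+item+has+been+purchased!");
	// Stop here: without this the script went on to print the page shell after the redirect header.
	exit;
}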

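print "$openHTML<br>";

if (!$act)
{
	// Storefront: shows the intro text and every listing for this game, five per table row.
	//
	// $game arrives with the request, so it is escaped for SQL and URL-encoded for links.
	// Item names and donor display names come from the database and may be user-supplied,
	// so they are HTML-escaped before being printed.
	// NOTE(review): if those values are stored already entity-encoded, this double-encodes them — confirm against the write path.
	$game_sql = mysql_real_escape_string((string) $game);
	$game_url = urlencode((string) $game);
	$page_title_sql = mysql_real_escape_string($page_title);

	$findPage = fetch("SELECT * FROM game_pages WHERE page_title = '$page_title_sql' AND game = '$game_sql'");
	if (empty($findPage['id']))
	{
		print "<p>Welcome to the Penny Store, here we sell all donated items to our users for just 1 point, however, like we said we only sell donated items. So, please, donate as many items as you can as often as you can, we really need all the help we can get! Thank you very much!!</p>";
	}
	else
	{
		// Emitted as raw HTML on purpose (custom page text).
		// NOTE(review): presumably only staff can edit game_pages — verify, since nothing is escaped here.
		print "$findPage[page_info]";
	}

	$findItems = mysql_query("SELECT * FROM penny_store2 WHERE game = '$game_sql'");
	// A failed query is treated as an empty shop instead of raising warnings below.
	$numitems = $findItems ? mysql_num_rows($findItems) : 0;
	if ($numitems <= 0) { print "<p align=center><i>There are currently no items in stock, please try back later today!</i></p>"; }
	print "<center><table width=100%>";

	// Column counter. The original never initialised it, so it depended on an undefined global.
	$x = 0;
	while ($findItems && ($getItems = mysql_fetch_array($findItems)))
	{
		$listed_item_sql = mysql_real_escape_string((string) $getItems['item_id']);
		$donated_by_sql = mysql_real_escape_string((string) $getItems['donated_by']);
		$getItem = fetch("SELECT * FROM items2 WHERE id = '$listed_item_sql' AND game = '$game_sql'");
		$getDonater = fetch("SELECT display_name,username FROM members2 WHERE id = '$donated_by_sql' AND game = '$game_sql'");

		// Encode every value for the context it is printed in: URL parts vs. HTML text.
		$listing_id_url = urlencode((string) $getItems['id']);
		$item_img_id = urlencode((string) $getItem['id']);
		$item_name_html = htmlspecialchars((string) $getItem['item_name'], ENT_QUOTES);
		$donater_url = urlencode((string) $getDonater['username']);
		$donater_html = htmlspecialchars((string) $getDonater['display_name'], ENT_QUOTES);

		$y = $x % 5;
		if ($y == 0)
		{
			echo "<tr>";
		}
		echo "<td><p align=center>
		<a href=\"$base_url/penny_store.php?game=$game_url&amp;act=get&amp;item_id=$listing_id_url\">
		<img src=\"$base_url/images/user_images/opg_$game_url/items/item_$item_img_id.gif\"><br>
		$item_name_html<br>
		1 $pointsVar</a><br>
		Donated by <a href=\"$base_url/user_profile.php?game=$game_url&amp;user=$donater_url\">$donater_html</a>
		</p></td>";
		if ($y == 4)
		{
			echo "</tr>";
		}
		$x++;
	}
	// Close the last row when the item count is not a multiple of five.
	if ($x % 5 != 0)
	{
		echo "</tr>";
	}
	print "</table></center>";
}

print "$closeHTML";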
?>